Professional Documents
Culture Documents
Cis Finals
Cis Finals
Cis Finals
*
a. transactions are properly authorized.
b. personnel are honest and well trained.
c. careful and complete preparation of source documents.
d. all the above are important.
These are controls intended to guarantee that the info processed by the computer is approved, complete, and
precise are called:
*
a. input controls.
b. processing controls.
c. output controls.
d. general controls.
GAS or Generalized audit software packages do all the tasks below except
*
a. precomputations data fields
b. compares files and identify differences.
c. stratifies statistical samples.
d. analyzes results and form opinions.
Evidence are generally considered sufficient when:
*
a. it is appropriate.
b. there is enough of it to afford a reasonable basis for an opinion on financial statements.
c. it has the qualities of being relevant, objective, and free from unknown bias.
d. it has been obtained by random selection.
The most important output control is:
*
a. segregation of duties between the data librarian and the bookkeeper
b. analytical review of reports and outputs for reasonableness by someone who knows what the output
should look like.
c. Control totals
d. Logic tests
When processing controls within the accounting information system may not leave visible evidence that
could be inspected by audit teams, the teams should.
*
a. Make corroborative inquiries.
b. Observe the separation of duties of personnel.
c. Review transactions submitted for processing and compare them to related output.
d. Review the run manual.
A report on factual findings is the end product of the auditor when performing:
*
a. Audit.
b. Review.
c. Agreed-upon procedures.
d. Compilation.
The subject matter of an assurance engagement can take the following forms except
*
a. The entity's internal control.
b. Historical or prospective financial statements.
c. Performance of an entity that could indicate efficiency and effectiveness.
d. Evaluation of a capital investment proposal.
The following are associated when converting from a manual system to an IT system, except?
*
a. Data are now centralized.
b. Permits greater quality and constant controls over operations.
c. It may eliminate the control provided by division of duties of independent persons who perform related
functions and compare results.
d. The bookkeeping function is now placed under the CIS department.
Which of the following computer-assisted auditing techniques processes client input data on a copy of a
program that the client uses under the auditor’s control to test controls in the computer system?
*
a. Blackbox approach
b. Test data approach
c. Integrated test facility
d. Controlled reprocessing.
You own Dude, Inc., which manufactures wooden tables. You need to hire some accountants to prepare your
monthly financial statements. The preparation of your financial statements is referred to as a(n):
*
a. Audit.
b. Compilation.
c. Review.
d. Special report
Which of the following statements is false about the integrated test facility (ITF).
*
a. Actual reports are affected by ITF transactions.
b. The databases contain "dummy" records integrated with legitimate records.
c. It permits ongoing application auditing.
d. It does not interrupt auditee’s operations or necessitate the involvement of IT personnel.
A practitioner should accept an assurance engagement only if
*
a. The subject matter is the responsibility of either the intended users or the practitioner.
b. The subject matter is in the form of financial information.
c. The practitioner's conclusion is to be contained in a written report.
d. The criteria to be used are not available to the intended users.
Which of the following statements is true concerning evidence in an assurance engagement?
*
a. The reliability of evidence is influenced not by its nature but by its source.
b. Sufficiency is the measure of the quantity of evidence.
c. Obtaining more evidence may compensate for its poor quality.
d. Appropriateness is the measure of the quality of evidence, that is, its reliability and persuasiveness.
Testing the input and output of a computer system instead of the computer program itself will
*
a. Unable to discover program errors which are not present in the output sample.
b. Identify all program errors, regardless of the nature of the output.
c. Give the auditor with the same type of evidence.
d. Not give confidence to the auditor in the results of the subsequent audit procedures.
An advantage of a computerized systems is that the computer can automate transactions. Which of the
following activities would not be an appropriate candidate for automatic computer initialization?
*
a. Interest on customer accounts in a bank which calculated periodically.
b. Ordering inventory at preset order levels in a manufacturing facility
c. Periodic calculation of depreciation for which the entity uses the straight-line method.
d. Sales for a customer whose operations are seasonal in nature.
In an assurance engagement, this refers to the information obtained by the practitioner in arriving at the
conclusions on which the conclusion is based.
*
a. Generally accepted auditing standards
b. Assertions
c. Criteria
d. Evidence
Un-reliance by the auditors on a detailed knowledge of the application's internal logic, they are performing.
*
a. auditing around the computer
b. parallel simulation
c. test of data
d. CAATs
When performing a compilation engagement, the accountant is required to
*
a. Make inquiries of management to assess the reliability and completeness of the information provided.
b. Assess internal controls.
c. Verify matters and explanations.
d. Obtain a general knowledge of the business and operations of the entity.
These are independent professional services that improve the quality of information for decision making.
*
a. Management consultancy
b. Audit services
c. Assurance services
d. Attestation services
A human resource employee accidentally entered "40" in the "hours worked per day" field. What type of
data entry control would most likely catch this error?
*
a. financial totals
b. field check
c. limit check
d. validity check
The following assertions regarding general controls are correct except?
*
a. Data disaster recovery plans should find alternate hardware to process data.
b. Successful IT development efforts require the involvement of IT department and user department.
c. The CIS director should report to appropriate level of management and the board of directors.
d. Programmers should have access to computer operations to aid users in resolving problems.
This type of audit is made to determine whether the client is following procedures or rules promulgated by
some higher authority.
*
A. external audit
B. compliance audit.
C. internal audit.
D. controls audit.
An auditor want to assess the risk in a computerized environment. Under these circumstances on which of
the following activities would the auditor initially focus?
*
a. Errors and fraud
b. Application controls
c. Controls over outputs
d. General controls
Which of the items below is not an example of a white box approach?
*
a. ascertaining the fair market value of ending inventory.
b. reviewing the codes of the computer software.
c. testing the system by processing valid and invalid data.
d. transaction tagging
Creating simulated transactions that are processed through a system to generate results that are compared
with predetermined results, is an auditing procedure referred
*
a. Audit Modules
b. Use of test data.
c. SCARFs
d. Parallel simulation.
Which of the following statements concerning compilation engagement is incorrect?
*
a. In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to
auditing expertise to collect, classify, and summarize financial information.
b. A compilation engagement ordinarily entails reducing detailed data to a manageable and understandable
form without a requirement to test the assertions underlying that information.
c. Users of the compiled financial information derive some benefit because of the accountant's involvement
because the service has been performed with due professional skill and care.
d. The procedures employed in a compilation engagement enable the accountant to express a moderate level
of assurance on the compiled financial information.
Which of the following statements is true?
*
a. The degree or level of assurance that may be provided by the practitioner is inversely related to the scope
of procedures performed and their results.
b. Assurance engagements do not require independence.
c. The term "auditor" is broader in scope compared to the term "practitioner."
d. Assurance engagements performed by professional accountants are intended to enhance the credibility of
information.
There should be a proper segregation of duties within the IT department. With this, programmers should do
all but which of the following?
*
a. Perform testing of programs for proper performance.
b. Evaluate legitimacy of transaction data input.
c. Develop flowcharts for new applications.
d. Programmers should perform each of the above.
Which of the following statements concerning the assurance engagement's three-party relationships is
incorrect?
*
a. The responsible party and intended users may be from different entities or the same entity.
b. The term "practitioner" as used in the Framework for Assurance Engagements is broader than the term
"auditor" as used in PSAs and PSREs.
c. An entity's senior management (the responsible party) may engage a practitioner to perform an assurance
engagement on a particular aspect of the entity's activities that is the immediate responsibility of a lower
level of management (the intended user).
d. In an assertion-based engagement the responsible party is responsible for the subject matter information
(the assertion) and may be responsible for the subject matter.
The most likely concern of an auditor regarding controls in a distributed data processing system is?
*
a. Control over hardware
b. Systems documentation controls
c. Access controls
d. Data recovery controls
Analysis of results of the test data method, the auditor would spend the least amount of time reviewing.
*
a. fictitious transactions or test transactions
b. error log reports
c. program of the system
d. output reports
Non Assurance engagements include all of the following except
*
a. Agreed Upon procedures.
b. Management consulting.
c. Preparation of tax returns where no conclusion is expressed.
d. Compliance audit.
This means that two tasks cannot be done by one person only as it may open a window for fraudulent events
or erroneous recordings.
*
a. Segregation of duties
b. Incompatible duties
c. Concentration of duties
d. Compatible duties
An auditor would want to know that username and password controls are working, he would most likely:
*
a. Try to sign into the system using false user credentials and passwords.
b. Make a computer program that simulates the logic of the client’s access control software.
c. Obtain a random sample of processed transactions and ensure that the transactions were appropriately
authorized.
d. Examine statements signed by employees stating that they have not divulged their user identifications and
passwords to any other person.
Who is responsible for the preparation of company’s financial statements in accordance with the applicable
reporting framework.
*
a. the entity’s management
b. the entity’s audit committee
c. the entity’s internal auditor
d. the entity’s board of directors
The objective of a review of financial statements is to:
*
a. Express an opinion on the overall financial statements.
b. Carry out audit procedures agreed on with the client and other users of report
c. State whether anything has come to the auditor's attention that indicates that the financial statements are
not presented fairly.
d. Assist the client in the preparation of the financial statements.
All the concepts below are related with the auditing around the computer to except.
*
a. the program need not be removed from service and tested directly and put it back again after the test.
b. there is un-reliance by the auditors on a detailed knowledge of the application's internal logic.
c. the auditor compares predetermined output results with production input transactions.
d. this approach is used for complex transactions that receive input from many sources.
Which of the following statements best describes review services?
*
a. Review engagements focus on providing assurance on the internal controls of a public company.
b. Review engagements focus on providing assurance on the assertions contained in the financial statements
of a public company.
c. Review engagements focus on providing advice in a three party contract.
d. Review engagements focus on providing limited assurance on financial statements of a private company.
Auditors are creating their own flowcharts of a client’s system when doing the audit, this a graphical
representation that depicts the auditor’s:
*
a. plans for tests of controls.
b. understanding of the CIS system.
c. comprehension of the types of errors that are probable given the present system.
d. documentation of the technical study and evaluation of the system
Which of the following statements is true?
*
a. When testing controls, auditors should assess application controls first before evaluating general controls.
b. When testing controls, auditors should assess application controls and general controls at the same time.
c. When testing controls, auditors should evaluate general controls first before assessing application
controls.
d. All of these are false.
When using test data, why are audit teams required to prepare only one transaction to test each IT control?
*
a. The speed and efficiency of the computer results in reduced sample sizes.
b. The risk of misstatement is typically lower in an IT environment.
c. Audit teams generally perform more extensive substantive testing in an IT environment, resulting in less
need to test processing controls.
d. In an IT environment, each transaction is handled in an identical manner.
An unqualified conclusion is not appropriate for either reasonable or limited assurance engagement when:
I. Circumstances prevent the practitioner from obtaining evidence required to reduce assurance engagement
risk to the appropriate level.
II. The responsible party or the engaging party imposes a restriction that prevent the practitioner from
obtaining evidence required to reduce assurance engagement risk to the appropriate level.
*
a. I only
b. II only
c. Either I or II
d. Neither I nor II
Which of the following services provides a moderate level of assurance about the client's financial
statements?
*
a. Forecasts and projections
b. Compliance with contractual agreement
c. Review
d. Compilation
The following are the elements of an assurance engagement except
*
a. Suitable criteria
b. An appropriate subject matter
c. A two-party relationship involving a practitioner and intended users.
d. Sufficient appropriate evidence
Appropriateness of evidence is a measure of the:
*
a. quantity of evidence.
b. quality of evidence.
c. sufficiency of evidence.
d. meaning of evidence.
These are controls prevent and detect errors while transaction data are transformed into output.
*
a. General Controls
b. Controls over data entry and input
c. Processing Controls
d. Internal Controls
What type of assurance engagement is involved when the practitioner expresses a positive form of
conclusion?
*
a. Negative assurance engagement
b. Limited assurance engagement
c. Reasonable assurance engagement
d. Absolute assurance engagement
When auditors consider only the data placed in the system and the reports or output related to the data, this
is known as:
*
a. white-box approach
b. test data approach.
c. black-box approach
d. generalized audit software approach.
The report on an agreed upon procedures engagement should contain:
*
a. A general description of the procedures performed.
b. An expression of positive assurance based on the specific procedures performed.
c. A statement that the auditor is independent of the entity.
d. Identification of the purpose for which the agreed-upon procedures were performed.
Which of the following is incorrect regarding a compilation engagement?
*
a. The CPA uses his auditing expertise to collect, classify and summarize financial information.
b. The CPA should exercise due care.
c. The engagement ordinarily entails reducing detailed data to a manageable and understandable form.
d. The procedures performed do not enable the accountant to express any form of assurance.
The information obtained by the auditor in arriving at the conclusions on which the audit opinion is based is
called:
*
a. Audit working papers.
b. Audit assertions
c. Audit evidence
d. Audit standards
One of the disadvantages of having a CIS environment is.
*
a. Data can be accessed easily.
b. Computer systems are programmed to perform uniform commands if the system was developed properly.
c. Automated transactions for depreciation and other recurring transactions
d. Data are prone to loss.
Compilation is an example of which one of the following types of services?
*
a. Auditing
b. Accounting
c. Consulting
d. Review
Which of the following is not an element of an assurance engagement?
*
a. An appropriate subject matter
b. Suitable criteria
c. Sufficient appropriate evidence
d. Substantial engagement fee
A continuous audit technique where a transaction record is "tagged" and then traced through critical points
in the information system.
*
a. Audit Modules
b. Systems control audit review files (SCARFs)
c. Audit Hooks
d. Transaction tagging
In performing attestation services, a CPA will normally:
*
a. Recommend uses for information.
b. Improve the quality of information, or its context, for decision makers.
c. Perform market analysis and cost estimate.
d. States a conclusion about a written assertion.
A review of a company's financial statements by a CPA firm:
*
a. Is similar in scope to an audit and adds similar credibility to the statements.
b. Is significantly las in scope than an audit and results in a report which provides positive assurance,
although not absolute assurance.
c. Concludes with the issuance of a report expressing the CPA's opinion as to the fairness of the financial
statements.
d. Is designed to provide only moderate assurance.
Audit teams can obtain evidence of the proper functioning of password access control to an accounting
information system by
*
a. Writing a computer program that simulates the logic of an effective password control system.
b. Selecting a random sample of the client’s completed transactions to check the existence of proper
authorization.
c. Attempting to sign on to the accounting information system with a false password.
d. Obtaining representations from the client’s computer personnel that the password control prevents
unauthorized entry.
Adequate control over access to data processing is required to:
*
a. Prevent improper use or manipulation of data files and programs.
b. Ensure that only console operators have access to program documentation.
c. Minimize the need for backup data files.
d. Ensure that hardware controls are operating effectively and as designed by the computer manufacturer.
Which input control check would detect a posting to the wrong customer account?
*
a. limit check
b. field check
c. key verification
d. hash totals
Which of the below items is an illustration of a data input mistake correction technique?
*
a. immediate correction
b. rejection of batch
c. creation of error log file
d. all are examples of input error correction techniques.
The term "accountant" has been used by Auditing and Assurance Standards Council to refer to a CPA in
public practice who is engaged to:
*
a. Audit financial statements.
b. Review financial statements.
c. Apply agreed upon procedures.
d. Compile financial statements.
Distribution of a report is always restricted when:
*
a. Negative assurance is given.
b. There is a positive expression of opinion.
c. A review has been performed.
d. Agreed-upon procedures have been performed.
For expressing negative assurance in the review report, the practitioner should obtain sufficient appropriate
evidence primarily through
*
a. Inquiry and confirmation
b. Analytical procedures and substantive tests of details of transactions and account balances
c. Confirmation and tests of controls
d. Inquiry and analytical procedures
A feature of CIS is uniformity and consistency of data processing. Therefore, there is a risk that:
*
a. Data cannot be accessed by auditors.
b. Auditors do not have the ability to determine if data is processed consistently.
c. Processing errors can result in the buildup of a huge number of misstatements.
d. All the above.
What assurance is provided by the auditor in an agreed upon procedures engagement?
*
a. No assurance.
b. Low.
c. Moderate.
d. Reasonable.
Typical controls developed for manual systems which are still important in IT systems include:
*
a. transactions are properly authorized.
b. personnel are honest and well trained.
c. careful and complete preparation of source documents.
d. all the above are important.
Which of the following is a class of general controls?
*
a. Controls over computer data processing.
b. Controls over data loss and recovery
c. Controls over data entry and input.
d. Control over reports generated by the system.
GAS or Generalized audit software is of key interest to the auditor in terms of its capability to
*
a. Access information stored on computer files.
b. Select a sample of items for testing.
c. Evaluate sample test results.
d. Test the accuracy of the client's calculations.
All the following are advantages of using IT-based controls, except?
*
a. Voluminous transactions can be processed faster.
b. Replacement of manual controls with computer-based controls.
c. Misstatements is reduced due to consistent processing of transactions.
d. Over-dependence on reports generated by computer.
In assertion-based assurance engagements, the evaluation or measurement of the subject matter against
criteria is performed by the
*
a. Intended users
b. Responsible party
c. Practitioner
d. AASC
For assurance engagements which are neither audits nor reviews of historical financial information, the
following standard applies:
*
a. PSAs
b. PSREs
c. PSAEs
d. PSRSs
Which of the following is an assurance service?
*
a. Performance measurement regarding efficiency and effectiveness of operations
b. Systems design and installation
c. Tax planning
d. Personal financial planning
The subject matter of an assurance engagement may include
I. Historical or prospective financial information
II. Internal controls
III. Compliance with regulation
*
a. I and II only
b. I and III only
c. II and III only
d. I, II, and III
Criteria that are embodied in laws or regulations, or issued by authorized or recognized bodies of experts
that follow a transparent due process are called:
*
a. Suitable criteria
b. General criteria
c. Established criteria
d. Specifically developed criteria
New systems developed are to be tested before they are placed in actual operations, this test approach is
called:
*
a. pilot testing.
b. horizontal testing.
c. integrative testing.
d. parallel testing.
Which of the following best describes relationships among auditing, attest and assurance services?
*
a. Attest is a type of auditing service.
b. Assurance is a type of attest service.
c. Auditing is a type of assurance service.
d. Auditing and attest services represent two distinctly different types of services.
Which of the following is less likely to be used by auditors in obtaining an understanding of client general
controls?
*
a. Analysis of system documentation
b. Inquisition of client personnel
c. Inspection of transaction processing
d. Evaluations of questionnaires completed by client IT personnel.